Malicious URL attacks returned in Q3

The most recent report revealed the tendency that malicious URL emails soared by 600% in the third quarter. According to the security firm Proofpoint, the volume of these emails increased by 85% in comparison with the previous quarter. The security vendor reported that the third quarter became a flashpoint for security researchers – “a time of peak message volumes and a preview of tools and techniques attackers will use in the coming months.”

Proofpoint provides the key findings of the daily analysis. The analysis includes over a billion emails, more than hundreds of millions social media posts and about 150 million malware samples.[1]

The analysis starts with the malicious URL emails. According to the results, the volume of emails that include malicious URLs soared by 600% compared to the second quarter and 2,200% from the third quarter last year.

Moreover, these results represent the highest increase of malicious emails in the past two years.

The report reveals that the first in the threat category, ransomware, showed up as the most widely used attack method with 64% of all email attempts. A ransomware called Locky was the most common strain and consists 55% of the total malicious emails’ volume and over 86% of all ransomware.

Further, banking Trojans comes next with 24% of the whole share. The most used banking Trojan was The Trick which is also known as Trickbot and comes with 70% of the total, followed by Dridex, Zloader and Retefe.

In addition, email fraud grew by 12% in frequency per attacked organizations compared to the previous quarter and 32% compared to 2016. Domain spoofing was the most common fraud technique which continues to increase. Email fraud targets all industries, however, the manufacturing industry remains to be targeted more than others.

On the other hand, the volume of the use of exploit kits is much lower than it was in 2016. Rig EK exploit kit represents 73% of all this malicious activity.

When it comes to social media trends, the number of false customer-support accounts increased twice compared to the last year quarter.[2]

Proofpoint tracked two categories including “Support fraud accounts used for so-called “angler phishing” and more traditional phishing links that lead users to pages that steal credentials and personal information”.

The vendor also provides recommendations that include:

Combat typo squatting on the web

Deploy email authentication

Protect users from malicious emails threats

Communicate with threat intelligence vendor

Protect your brand from impostors on social media

About the author

Linas Kiguolis
- Senior IT developer

Linas Kiguolis is a senior IT developer and news editor at Reviewedbypro.com. He has a major in Applied Computer Science because IT has been his passion for a very long time even before he went to college.